package com.jc.cloud.sign.common.xss;

import com.jc.cloud.sign.common.exception.RRException;
import org.apache.commons.lang3.StringUtils;

import java.util.Locale;

/**
 * @BelongsPackage: com.jc.cloud.sign.common.xss
 * @Author: whx
 * @CreateTime: 2023-11-14 12:00
 * @Description: TODO
 */
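public class SQLFilter {

    /**
     * Denylisted SQL keywords. A value that still contains any of these after
     * normalisation is rejected. They are matched as plain substrings, so words
     * such as "selection" or "mastercard" are rejected as well.
     */
    private static final String[] KEYWORDS = {
        "master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop"
    };

    /**
     * SQL注入过滤 — strips quote/terminator characters from {@code str}, lowercases it and
     * rejects it if it still contains one of {@link #KEYWORDS}.
     * <p>
     * This is a denylist sanitiser, not a substitute for parameterised queries: it only
     * covers the nine keywords above and the characters {@code ' " ; \}. Callers must still
     * bind values via {@code PreparedStatement} or an ORM parameter. Note that the value
     * returned is the normalised (lowercased, stripped) string, not the original input.
     * <p>
     * Originally by Mark sunlightcs@gmail.com.
     *
     * @param str 待验证的字符串 (the string to validate)
     * @return the lowercased input with {@code '}, {@code "}, {@code ;} and {@code \}
     *         removed, or {@code null} when {@code str} is {@code null}, empty or whitespace
     * @throws RRException if the normalised string contains a denylisted keyword
     */
    public static String sqlInject(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        // 去掉'|"|;|\字符 — strip quote, statement-terminator and escape characters
        String normalised = str.replace("'", "")
                .replace("\"", "")
                .replace(";", "")
                .replace("\\", "");

        // 转换成小写 — Locale.ROOT so the keyword check does not depend on the JVM default
        // locale (e.g. under a Turkish locale "INSERT".toLowerCase() would not contain "insert")
        normalised = normalised.toLowerCase(Locale.ROOT);

        // 判断是否包含非法字符 — substring match against the denylist
        for (String keyword : KEYWORDS) {
            if (normalised.contains(keyword)) {
                throw new RRException("包含非法字符");
            }
        }

        return normalised;
    }

}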
